Real-Time Sensor Validation System 
Developed for Reusable Launch Vehicle 

Testbed 


A real-time system for validating sensor health has been developed for the reusable launch 
vehicle (RLV) program. This system, which is part of the propulsion checkout and control 
system (PCCS), was designed for use in an integrated propulsion technology demonstrator 
testbed built by Rockwell International and located at the NASA Marshall Space Flight 
Center. Work on the sensor health validation system, a result of an industry-NASA 
partnership, was completed at the NASA Lewis Research Center, then delivered to 
Marshall for integration and testing. 

The sensor validation software performs three basic functions: it identifies failed sensors, it 
provides reconstructed signals for failed sensors, and it identifies off-nominal system 
transient behavior that cannot be attributed to a failed sensor. The code is initiated by host 
software before the start of a propulsion system test, and it is called by the host program 
every control cycle. The output is posted to global memory for use by other PCCS 
modules. Output includes a list indicating the status of each sensor (i.e., failed, healthy, or 
reconstructed) and a list of features that are not due to a sensor failure. If a sensor failure 
is found, the system modifies that sensor's data array by substituting a reconstructed 
signal, when possible, for use by other PCCS modules. 



START 



DETECT 

COMMANDED 

EVENTS 


SENSOR 

DATA 


Phase and 
valve commands 


SENSOR 

REASONABLENESS 

CHECKS 


'Hard' sensor 
failures 


P hase^dependent 
thresholds, 
valve states 


Rate and 
limit checks 



DETECT 

TRANSIENT 

FEATURES 


REDUNDANT 

CHANNEL 

COMPARE 


pi.— ■■g-.-u- - 1 

Features 



Redundant 
check 
_ failures 


CLIPS expert system: 
multi parameter 
transient cross- 
checks 


RESOLVE 

REDUNDANT 

CHANNEL CHECK 

FAILURES 




Pass feature 
information on to 
Transient Detector 
Module 


REORT FAILED 
SENSORS 
(update sensor 
status array) 

EXIT 


Sensor validation function. 

To determine whether a sensor has failed, the software first scans for hard failures by 
checking its range and rate of change against predetermined limits. The data are then 
processed to find any features such as drifts, shifts in level, peaks and spikes, and 
disagreement between redundant channels. Any discrepancies found among redundant 
sensors during steady-state system operation are compared with features found in the data. 
This arbitration is performed by an expert system encoded by using an expert system shell. 
Any detected features that are not associated with a failed sensor are checked against 
planned system events, such as valve changes. Features that cannot be explained by a 
malfunctioning sensor or known system event are reported as transient behavior. This 
information is then used by other PCCS modules to determine the health of the remaining 
system components. 
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Sensor reconstruction function. 

Review of test data from initial integration testing verified operation in real time. Tests 
were performed for both hard and soft sensor failures, and the sensor validation system 
was shown to work properly. 
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■— Remaining features 
System transient detector function. 
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